Legal claims defining the scope of protection, as filed with the USPTO.
1. A distributed computing system, comprising: a processor and memory storing instructions that cause the processor to execute: a domain name service (DNS) log analyzer configured to identify a dependency of a first service executed on a first virtual machine (VM) at a first server of the distributed computing system, on a second service executed on a second VM at a second server of the distributed computing system, via one or more DNS logs of a DNS server of the distributed computing system; an authentication log analyzer configured to identify a dependency of the first service on a third service executed at a third server of the distributed computing system, via one or more token authentication logs of an authentication server of the distributed computing system; and a dependency map generator configured to generate a service-to-service dependency map including the dependency between the first service and the second service identified via the DNS log analyzer, and the dependency between the first service and third service identified via the authentication log analyzer, wherein the DNS log analyzer is further configured to identify a dependency between the second service and the third service based on the one or more DNS logs, the second service is a pass-through service that passes a request from the first service to the third service for processing, the dependency between the second service and the third service identified via the DNS log analyzer is included in the service-to-service dependency map, the service-to-service dependency map is output to a downstream computing program for processing, the downstream computing program being selected from the group consisting of a recovery program, a fault diagnosis program, a geographic compliance program, and a threat identification program, the geographic compliance program is configured to determine a geographic scope of a location of servers executing the first service and the second service as the processing operation, and the threat identification program is configured to scan system logs of servers executing dependent services of the first service to identify a presence or effect or a virus or malware on the servers as the processing operation.
2. The computing system of claim 1, wherein the DNS log analyzer is configured to identify the dependency of the first service on the second service by: identifying, within a DNS request log of the one or more DNS logs, a DNS request log record for a DNS request, the DNS request log record including a source identifier associated with the first service and a source IP address associated with the first service, wherein the source identifier is determined to be associated with the first service by identifying a virtual machine (VM) implementing the first service on a computer that has been assigned the source IP address, wherein the source identifier is a source virtual machine identifier or a source container identifier, identifying, within the DNS request log record a destination fully qualified domain name requested by the DNS request, identifying within a DNS response log record for a DNS response to the DNS request, a destination IP address for the destination fully qualified domain name, and identifying the second service as being associated with the destination IP address.
3. The computing system of claim 1, wherein the authentication log analyzer is configured to identify the dependency between the first service and third service, based on an authentication log record for an authentication request from the third service to authenticate a token of the first service received via the second service.
4. The computing system of claim 3, wherein the authentication log analyzer is further configured to identify the dependency of the first service on the third service at least in part by: identifying, within a token generation log of the one or more authentication logs, a token generation log record, the token generation log record including the source container identifier and a globally unique identifier (GUID) as the token, wherein the source container identifier is associated with a source container implementing a virtual machine (VM) that has been assigned the GUID associated with the token; identifying in the authentication logs a token authentication request from the second service for a token associated with the first service; and identifying, within an authentication response log of the one or more authentication logs, an authentication response log record for an authentication response, the authentication response log record including a destination identifier that identifies a VM implementing the third service that requested authentication of the token, the token including the GUID assigned to the VM implemented by the source container.
5. The computing system of claim 3, wherein the dependency map generator is further configured to: determine the second service is a pass-through service by comparing a timeframe of a DNS request from the second service requesting the IP address of the third service and a DNS response to this DNS request, a timeframe of a DNS request from the first service requesting the IP address of the second service, and a timeframe of the authentication request from the third service.
6. The computing system of claim 1, wherein the recovery program is configured to compute a recovery schedule for restarting services based on the service-to-service dependency map as the processing operation, and the fault diagnosis program is configured to generate a fault diagnosis based on the service-to-service dependency map as the processing operation.
7. The computing system of claim 1, wherein the computing system is configured to display the service-to-service dependency map within a graphical user interface, and a number of levels of dependency displayed is determined by input from a user.
8. The computing system of claim 1, wherein the service-to-service dependency map is mapped over a lifetime of the identified first service, including build time, test time, deployment time, run time, and retirement.
9. A computing method for a distributed computing system, comprising: identifying a dependency of a first service executed on a first virtual machine (VM) at a first server of the distributed computing system, on a second service executed on a second VM at a second server of the distributed computing system, via one or more domain name service (DNS) logs of a DNS server of the distributed computing system; identifying a dependency of the first service on a third service executed at a third server of the distributed computing system, via one or more token authentication logs of an authentication server of the distributed computing system; identifying a dependency between the second service and the third service based on the one or more DNS logs, the second service being a pass-through service that passes a request from the first service to the third service for processing; generating a service-to-service dependency map including the dependency between the first service and the second service, the dependency between the second service and the third service, and the dependency between the first service and third service; and outputting the service-to-service dependency map to a downstream computing program for processing, the downstream computing program being selected from the group consisting of a recovery program, a fault diagnosis program, a geographic compliance program, and a threat identification program, wherein the geographic compliance program is configured to determine a geographic scope of a location of servers executing the first service and the second service as the processing operation, and the threat identification program is configured to scan system logs of servers executing dependent services of the first service to identify a presence or effect or a virus or malware on the servers as the processing operation.
10. The computing method of claim 9, wherein identifying the dependency of the first service on the second service is accomplished at least in part by: identifying, within a DNS request log of the one or more DNS logs, a DNS request log record for a DNS request, the DNS request log record including a source identifier associated with the first service and a source IP address associated with the first service, wherein the source identifier is determined to be associated with the first service by identifying a virtual machine (VM) implementing the first service on a computer that has been assigned the source IP address, wherein the source identifier is a source virtual machine identifier or a source container identifier, identifying, within the DNS request log record a destination fully qualified domain name requested by the DNS request, identifying within a DNS response log record for a DNS response to the DNS request, a destination IP address for the destination fully qualified domain name, and identifying the second service as being associated with the destination IP address.
11. The computing method of claim 9, wherein identifying the dependency of the first service on the third service is accomplished at least in part by, identifying an authentication log record for an authentication request from the third service to authenticate a token of the first service received via the second service.
12. The computing method of claim 11, wherein identifying the dependency of the first service on the third service is at least in part accomplished by: identifying, within a token generation log of the one or more authentication logs, a token generation log record, the token generation log record including the source container identifier and a globally unique identifier (GUID) as the token, wherein the source container identifier is associated with a source container implementing a virtual machine (VM) that has been assigned the GUID associated with the token; identifying in the authentication logs a token authentication request from the second service for a token associated with the first service; and identifying, within an authentication response log of the one or more authentication logs, an authentication response log record for an authentication response, the authentication response log record including a destination identifier that identifies a VM implementing the third service that requested authentication of the token, the token including the GUID assigned to the VM implemented by the source container.
13. The computing method of claim 9, the method further comprising: determining the second service is a pass-through service by comparing a timeframe of a DNS request from the second service requesting the IP address of the third service and a DNS response to this DNS request, a timeframe of a DNS request from the first service requesting the IP address of the second service, and a timeframe of the authentication request from the third service.
14. The computing method of claim 13, wherein the recovery program is configured to compute a recovery schedule for restarting services based on the service-to-service dependency map as the processing operation, and the fault diagnosis program is configured to generate a fault diagnosis based on the service-to-service dependency map as the processing operation.
15. The computing method of claim 9, the method further comprising: mapping the service-to-service dependency map over a lifetime of the identified first service, including build time, test time, deployment time, run time, and retirement.
16. A computing method for a distributed computing system, comprising: identifying a dependency of a first service executed on a first virtual machine (VM) at a first server of the distributed computing system, on a second service executed on a second virtual machine at a second server of the distributed computing system, via one or more domain name service (DNS) logs of a DNS server of the distributed computing system, wherein the second service is a pass-through service that passes a request from the first service to a third service for processing; identifying a dependency of the first service on the third service executed at a third server of the distributed computing system, via one or more token authentication logs of an authentication server of the distributed computing system; identifying a dependency between the second service and the third service based on the one or more DNS logs; generating a service-to-service dependency map including the dependency between the first service and the second service, the dependency between the second and third service, and the dependency between the first service and third service; outputting the service-to-service dependency map as input to a downstream computing program executed on a server of the distributed computing system; performing, via the downstream computing program, a processing operation based on the service-to-service dependency map; and outputting a processing result of the processing operation, wherein the downstream computing program is selected from the group consisting of a recovery program, a fault diagnosis program, a geographic compliance program, and a threat identification program, wherein the geographic compliance program is configured to determine a geographic scope of a location of servers executing the first service and the second service as the processing operation, and the threat identification program is configured to scan system logs of servers executing dependent services of the first service to identify a presence or effect or a virus or malware on the servers as the processing operation.
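The correlation recited in claims 2 to 5 (DNS request/response join, token generation/authentication join, and the timeframe comparison that marks a pass-through service) can be sketched as follows. This is an added illustration, not code from the patent or its assignee; the record layouts, field names, sample values and the `window` parameter are all assumptions.

```python
# Constructed sample records; all field layouts and names are assumptions.
SERVICE_BY_IP = {"10.0.0.1": "svc-a", "10.0.0.2": "svc-b", "10.0.0.3": "svc-c"}
SERVICE_BY_VM = {"vm-a": "svc-a", "vm-b": "svc-b", "vm-c": "svc-c"}
DNS_REQUESTS = [   # (time, query id, source VM id, source IP, destination FQDN)
    (100.00, "q1", "vm-a", "10.0.0.1", "b.internal.example"),
    (100.20, "q2", "vm-b", "10.0.0.2", "c.internal.example"),
    (100.30, "q3", "vm-a", "10.0.0.1", "cdn.example.net"),
]
DNS_RESPONSES = [  # (time, query id, destination IP)
    (100.05, "q1", "10.0.0.2"),
    (100.25, "q2", "10.0.0.3"),
    (100.35, "q3", "203.0.113.9"),   # outside the inventory, so no service edge
]
TOKEN_GENERATION = [("vm-a", "guid-1111")]        # (source id, token GUID)
AUTH_RESPONSES = [(100.40, "guid-1111", "vm-c")]  # (time, GUID, VM that asked to authenticate it)

def dns_edges():
    """Join each DNS request to its response and map both ends to services."""
    resolved = {qid: ip for _, qid, ip in DNS_RESPONSES}
    edges = []
    for t, qid, _vm, src_ip, _fqdn in DNS_REQUESTS:
        src = SERVICE_BY_IP.get(src_ip)
        dst = SERVICE_BY_IP.get(resolved.get(qid))
        if src and dst and src != dst:
            edges.append((t, src, dst))
    return edges

def auth_edges():
    """A token issued to X and authenticated at Z's request means X depends on Z."""
    owner = {guid: SERVICE_BY_VM.get(vm) for vm, guid in TOKEN_GENERATION}
    edges = []
    for t, guid, dst_vm in AUTH_RESPONSES:
        src, dst = owner.get(guid), SERVICE_BY_VM.get(dst_vm)
        if src and dst and src != dst:
            edges.append((t, src, dst))
    return edges

def pass_through_services(window=5.0):
    """B is pass-through when A->B and B->C lookups precede C authenticating A's token."""
    dns, found = dns_edges(), set()
    for t_auth, a, c in auth_edges():
        for t1, src1, b in dns:
            for t2, src2, dst2 in dns:
                if src1 == a and src2 == b and dst2 == c and t1 <= t2 <= t_auth <= t1 + window:
                    found.add(b)
    return found

def dependency_map():
    """Merge both evidence sources into {service: services it depends on}."""
    graph = {}
    for _, src, dst in dns_edges() + auth_edges():
        graph.setdefault(src, set()).add(dst)
    return graph
```

The `svc-a` to `svc-c` edge appears only in the authentication logs, since `svc-a` never resolves `svc-c` directly; that is the dependency a DNS-only map would miss.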
February 25, 2025